Allbridge, with support from the Stellar Development Foundation, mandated Quarkslab to perform an audit of Estrela, an automated market maker for Stellar built on Soroban.
Introduction
Allbridge Core enables users to transfer dollar-pegged tokens ("stablecoins") between different blockchains. As of today, their smart contracts manage over $38 million locked across the chains they support. To transfer funds across different blockchains, there needs to be a liquidity pool (i.e. locked stablecoins) on both ends of the transfer. On the sending end, the pool determines the exact value of the tokens to bridge, and this value is subsequently converted back to stablecoins on the receiving end by the other endpoint's pool.
To determine the exact value of stablecoins, Allbridge Core uses a partial automated market maker (AMM) integrated into their endpoints. AMMs are built to maintain an invariant at all time, representing the actual value of all locked assets. This invariant lets the market maker always provide a price for its assets. As they deal with stablecoins, Allbridge's implementation uses the StableSwap invariant.
Earlier this year, leveraging our experience with the newly deployed Soroban smart contract platform, we audited the Soroban endpoint of their bridge. Soroban is Stellar's smart contract platform, recently deployed on their mainnet, that we also audited for the Stellar Development Foundation.
Allbridge then decided to extract the partial AMM from their bridge and make it a fully fledged AMM for Soroban, supporting binary pools of stablecoins, called Estrela. They tasked us to assess the security of their implementation. Our report is available on Allbridge's website.
Scope
The audit mainly focused on the implementation of the pool smart contract, implemented in Rust for Soroban, handling transfers between two specific stablecoins. We also audited the supporting factory smart contract, able to deploy new pools for new pairs of stablecoins.
The source for these smart contracts is available on GitHub: allbridge-io/dex-soroban-contracts.
Findings
The table below summarizes the findings of the audit. A total of 7 issues were found, with 1 ranked high severity.
ID | Title | Severity | Perimeter |
---|---|---|---|
HIGH-1 | Integer overflow when depositing liquidity can lead to loss of funds if the pool is configured with a high enough amplification factor (A >= 121 ) |
High | Pool (get_d ) |
LOW-1 | Admin can update the factory source code (centralization risk) | Low | Factory |
LOW-2 | Admin can update the pool source code (centralization risk) | Low | Pool |
INFO-1 | Excessive pool creation can lead to a Denial of Service | Info | Factory |
INFO-2 | Integer overflow in internal function (unreachable) | Info | Both (cbrt ) |
INFO-3 | Full fees on liquidity withdrawal | Info | Pool (get_withdraw_amount ) |
INFO-4 | Code duplication for sending rewards | Info | Pool (claim_rewards , get_pending and get_reward_debts ) |
Allbridge fixed the high severity issue (HIGH-1), the DoS risk (INFO-1) and code issues (INFO-2 and INFO-4).
They acknowledged the centralization risk (LOW-1 and LOW-2) and plan to address it by developing a cross-chain DAO in their 2024 timeline. They stated that issue INFO-3 is intended behavior to prevent users from swapping tokens by performing a deposit and a withdrawal rather than a swap.
Technical takeaways
In Rust, integer overflows are checked at runtime in debug mode,
and also in release mode if the profile.release.overflow-checks = true
configuration option is set.
However, when using ethnum::U256
, the check is not performed, which led to the high severity issue.
Conclusion
Leveraging their experience with the Allbridge Core endpoint for Soroban, Allbridge developed Estrela with the same great level of code maturity and sophistication. They promptly reacted to our findings and responded in a satisfactory manner.
Quarkslab had a successful collaboration with Allbridge with the help of the Stellar Development Foundation and participated in securing a key component of the ecosystem. During the audit, this evaluation unveiled one high severity issue. Going forward, we strive to continue pursuing our mission of advancing security in the Web3 ecosystem.
If you would like to learn more about our security audits and explore how we can help you, get in touch with us!